# Copyright 2019 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# NOTE: This file is auto generated by the elixir code generator program.
# Do not edit this file manually.

defmodule GoogleApi.STS.V1.Model.GoogleIdentityStsV1betaAccessBoundaryRule do
  @moduledoc """
  An access boundary rule defines an upper bound of IAM permissions on a single resource.

  ## Attributes

  *   `availabilityCondition` (*type:* `GoogleApi.STS.V1.Model.GoogleTypeExpr.t`, *default:* `nil`) - The availability condition further constrains the access allowed by the access boundary rule. If the condition evaluates to `true`, then this access boundary rule will provide access to the specified resource, assuming the principal has the required permissions for the resource. If the condition does not evaluate to `true`, then access to the specified resource will not be available. Note that all access boundary rules in an access boundary are evaluated together as a union. As such, another access boundary rule may allow access to the resource, even if this access boundary rule does not allow access. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies). The maximum length of the `expression` field is 2048 characters.
  *   `availablePermissions` (*type:* `list(String.t)`, *default:* `nil`) - A list of permissions that may be allowed for use on the specified resource. The only supported values in the list are IAM roles, following the format of google.iam.v1.Binding.role. Example value: `inRole:roles/logging.viewer` for predefined roles and `inRole:organizations/{ORGANIZATION_ID}/roles/logging.viewer` for custom roles.
  *   `availableResource` (*type:* `String.t`, *default:* `nil`) - The full resource name of a Google Cloud resource entity. The format definition is at https://cloud.google.com/apis/design/resource_names. Example value: `//cloudresourcemanager.googleapis.com/projects/my-project`.
  """

  use GoogleApi.Gax.ModelBase

  @type t :: %__MODULE__{
          :availabilityCondition => GoogleApi.STS.V1.Model.GoogleTypeExpr.t() | nil,
          :availablePermissions => list(String.t()) | nil,
          :availableResource => String.t() | nil
        }

  field(:availabilityCondition, as: GoogleApi.STS.V1.Model.GoogleTypeExpr)
  field(:availablePermissions, type: :list)
  field(:availableResource)
end

defimpl Poison.Decoder, for: GoogleApi.STS.V1.Model.GoogleIdentityStsV1betaAccessBoundaryRule do
  def decode(value, options) do
    GoogleApi.STS.V1.Model.GoogleIdentityStsV1betaAccessBoundaryRule.decode(value, options)
  end
end

defimpl Poison.Encoder, for: GoogleApi.STS.V1.Model.GoogleIdentityStsV1betaAccessBoundaryRule do
  def encode(value, options) do
    GoogleApi.Gax.ModelBase.encode(value, options)
  end
end
